def main(debug, verbose, decoder_dir, decoder_source):
# Setup logging
kordesii.setup_logging()
if debug:
logging.root.setLevel(logging.DEBUG)
elif verbose:
logging.root.setLevel(logging.INFO)
# else let log_config.yaml set log level.
# Register parsers
kordesii.register_entry_points()
if decoder_dir:
kordesii.register_decoder_directory(decoder_dir)
if decoder_source:
kordesii.set_default_source(decoder_source)
def run_kordesii_decoder(self, decoder_name: str, warn_no_strings=True):
"""
Run the specified kordesii decoder against the file data. The reporter object is returned
and can be accessed as necessary to obtain output files, etc.
:param decoder_name: name of the decoder to run
:param warn_no_strings: Whether to produce a warning if no string were found.
:return: Instance of the kordesii_reporter.
:raises RuntimeError: If kordesii is not installed.
"""
if not kordesii:
raise RuntimeError("Please install kordesii to use this function.")
# Pull from cache if we already ran this decoder.
if decoder_name in self._kordesii_cache:
return self._kordesii_cache[decoder_name]
logger.info(
f"Running {decoder_name} kordesii decoder on file {self.file_name}."
)
# Ensure decoderdir sources are populated
kordesii.register_entry_points()
kordesii_reporter = kordesii.Reporter(base64outputfiles=True)
kordesii_reporter.run_decoder(decoder_name,
data=self.file_data,
log=True)
if warn_no_strings:
decrypted_strings = kordesii_reporter.get_strings()
if not decrypted_strings:
# Not necessarily a bad thing, the decoder might be used for something else.
logger.info(
f"No decrypted strings were returned by the decoder for file {self.file_name}."
)
# Cache results
self._kordesii_cache[decoder_name] = kordesii_reporter
return kordesii_reporter
def __init__(self,
decoderdir=None,
tempdir=None,
disabletempcleanup=False,
disabledebug=False,
base64outputfiles=False,
):
# defaults
if decoderdir:
warnings.warn(
'Supplying a decoderdir in the Reporter class is no longer supported. '
'Please call kordesii.register_decoder_directory() beforehand instead.', DeprecationWarning)
kordesii.register_decoder_directory(decoderdir)
else:
# This is here until to keep backwards compatibility. In the future this will be removed
# and the user/tool will need to call this once on startup.
kordesii.register_entry_points()
if disabledebug:
warnings.warn('Supplying a disabledebug in the Reporter class is no longer supported. '
'Please set the log level using the logging library instead.', DeprecationWarning)
# You would think disabling "debug" would mean to set log level to INFO, however "reporter.debug()"
# was really used for INFO level logs, so set level to WARNING instead.
logging.root.setLevel(logging.WARNING)
self.tempdir = tempdir or tempfile.gettempdir()
self.metadata = {}
self.errors = []
# TODO: Remove disassembler specific details from reporter.
self.ida_log = ''
self._log_handler = None
self._temp_file_name = ''
self._managed_tempdir = ''
self._disable_temp_cleanup = disabletempcleanup
self._base64_output_files = base64outputfiles
self._other_data = None
self._deserialized_data = {}
def init_app(app):
kordesii.register_entry_points()
def main():
""" Run tool. """
print('')
# Get command line arguments
argparser = get_arg_parser()
args = argparser.parse_args()
# Setup logging
kordesii.setup_logging()
if args.debug:
logging.root.setLevel(logging.DEBUG)
else:
logging.root.setLevel(
logging.ERROR
) # By default, ignore all warning, info, and debug messages.
# Register decoders
kordesii.register_entry_points()
if args.decoderdir:
kordesii.register_decoder_directory(args.decoderdir)
if args.decodersource:
kordesii.set_default_source(args.decodersource)
# Configure reporter based on args
reporter = Reporter()
# Configure test object
if args.all_tests or not args.decoder_name:
decoders = [None]
else:
decoders = [args.decoder_name]
tester = Tester(reporter,
results_dir=args.test_case_dir,
decoder_names=decoders,
nprocs=args.nprocs,
field_names=filter(None, args.field_names.split(",")),
ignore_field_names=filter(
None, args.exclude_field_names.split(",")))
# Gather all our input files
input_files = []
if args.input_file:
input_files = read_input_list(args.input_file)
# Add/Delete
if args.delete or args.update:
if not args.decoder_name:
sys.exit(
'Decoder must be provided when adding or deleting a file from a test case.'
)
for input_file in input_files:
if args.delete:
tester.remove_test(input_file)
else:
tester.add_test(input_file)
# Update
elif args.update:
if not args.decoder_name:
sys.exit('Decoder must be provided when updating a test case.')
tester.update_tests()
# Default is to run test cases
else:
_run_tests(tester,
silent=args.silent,
show_passed=not args.only_failed_tests)
def main():
kordesii.register_entry_points()
run(app, server='auto', host='localhost', port=8081)
(tempdir, str(e)))
# Format and return results
output = reporter.metadata
if reporter.errors:
output["error"] = str(reporter.errors)
for error in reporter.errors:
logger.error("_run_decoder %s %s %s" % (name, filename, error))
if append_output_text:
output["output_text"] = reporter.get_output_text()
return output
except Exception as e:
output = {'error': traceback.format_exc()}
logger.error("_run_decoder %s %s %s" %
(name, filename, traceback.format_exc()))
return output
def main():
kordesii.register_entry_points()
run(app, server='auto', host='localhost', port=8081)
if __name__ == '__main__':
main()
else:
kordesii.register_entry_points()
application = app
def main():
"""
Takes args from the command line, runs IDA, and returns with IDA's returncode on success or a message
on failure.
"""
opt_parse = make_opt_parser()
options, args = opt_parse.parse_args()
# Setup logging
kordesii.setup_logging()
if options.hidedebug:
logging.root.setLevel(logging.ERROR)
elif options.debug:
logging.root.setLevel(logging.DEBUG)
else:
logging.root.setLevel(logging.INFO)
# Register decoders
kordesii.register_entry_points()
if options.decoderdir:
kordesii.register_decoder_directory(options.decoderdir)
if options.decodersource:
kordesii.set_default_source(options.decodersource)
# List out decoder names and exit
if options.list:
_print_decoders(json_output=options.jsonoutput)
sys.exit(0)
# Currently only allow one file to be passed in
if not args or len(args) != 1:
opt_parse.print_help()
return
# If we can not create reporter object there is very little we can do. Just die immediately.
try:
reporter = Reporter(
tempdir=options.tempdir,
disabletempcleanup=options.disabletempcleanup,
disabledebug=options.hidedebug,
)
except Exception as e:
error_message = "Error loading DC3-Kordesii reporter object, please check installation: %s" % (
traceback.format_exc())
if options.jsonoutput:
print('{"errors": ["%s"]}' % error_message)
else:
print(error_message)
sys.exit(1)
# Run decoder
if options.decoder:
# Grab file from arguments
input_file = os.path.abspath(args[0])
# Run the decoder
reporter.run_decoder(
options.decoder,
input_file,
timeout=options.timeout,
autonomous=options.autonomous,
log=options.enableidalog,
cleanup_txt_files=not options.disabletxtcleanup,
cleanup_output_files=options.enableoutputfilecleanup,
cleanup_idb_files=options.enableidbcleanup)
# Output results
if options.jsonoutput:
output = reporter.metadata
if reporter.errors:
output["errors"] = reporter.errors
if reporter.ida_log:
output["ida_log"] = reporter.ida_log
print(json.dumps(output, indent=4))
else:
reporter.print_report()